Security and continuity

At Comrads, we know that security is crusial. Protecting your privacy is therefore our top priority and the reason why we adopt and adhere to the best industry standards. Comrads is ISO/IEC 27001 certified and complies with the requirements and standards of the AVG. To that end, Comrads takes strict precautionary, technical and organizational security measures to ensure a high level of security to protect your data, data and files from unauthorized or unlawful access.

BSI ISO27001 Mark of Trust

Last BSI audit certification: December 12, 2023

Hosting and storage

Secure and scalable cloud storage

All client applications and modules at Comrads run exclusively within the EEA on private cloud servers from Amazon Web Services (AWS), our trusted business partner with a global network of powerful data centers. These are secured with access protocols, biometric scanning profiles and 24/7 surveillance and monitoring.

Physical security

Authorized access only

AWS' data servers are designed to minimize the impact of global operational disruptions. In addition, AWS data centers are staffed 24/7 by specially trained security guards, secured by CCTV cameras and biometric access controls. Authorized access is granted on a need-to-know basis.

Availability

Always safely accessible

Comrads offers scalable SaaS solutions that can be accessed globally and 24/7 via a web browser. So you don't have to install anything on your own servers. Secured by a strict role-based system (RBAC), each request for access to your stored information is verified via profiles and ensures that your assets are securely available at all times.

Server and application security

Just standard is not enough

All of Comrads' private cloud servers are effectively secured and encrypted. Comrads not only uses the standard AWS Shield service, a managed Distributed Denial of Service (DDoS) protection, but Comrads additionally implements the full-stack server and application security services AWS Inspector, AWS GuardDuty, AWS CloudWatch and Bitninja Fullstack Security. Together, these services guarantee a high level of security against attacks and threats.

Comrads full-stack server and application security

Application Access

Users can access Comrads' applications globally and 24/7 with a browser and Internet connection. All traffic to and from Comrads' applications uses only a secure HTTPS connection, so all data (including usernames and passwords) is transferred via an encrypted connection. Furthermore, it is possible to make client applications accessible only from specific IP addresses. Comrads also supports Single-Sign-On (SSO) to grant (internal) users secure access with only one set of login credentials.

Server Access

Administrative access to all our servers at AWS is limited to authorized Comrads employees only from the Comrads office or remotely via the Comrads VPN using the SSH and MySQL protocol. Each client basically has its own server within Comrads' standard VPC. It is not possible to "hop" from one server to another within the same VPC. This is prevented by IP restriction.

Network Security

Comrads' network is protected by firewalls and virus scanners that are maintained with regular upgrades and patches. Remote access to Comrads' network is only possible through our VPN. In addition, all workstations are secured and protected by the latest Endpoint Security software from ESET.

Backups

If for any reason you do lose or damage some files, a full backup is always available. Our software protects the countless hours and resources you've invested in creating and managing your asset and (meta)data by creating incremental and full backups. In the event of a failure or incident, we can perform an immediate backup restore.

Staff

All our employees are trained and aware of the applicable safety standards. To this end, Comrads holds regular training and awareness sessions for all new and existing employees. These sessions include personal interviews, (online) tech sessions and awareness meetings that ensure that security documentation is read and understood. Also, new employees are always screened.

Suppliers

To ensure our high level of security across the board, chain responsibility plays an important role. This means that Comrads only chooses or allows business partners and suppliers who can provide at least the same level of security or better or who can meet Comrads' requirements. Contractual arrangements are made with each partner and processor agreements and confidentiality are a minimum requirement. Within the procedures of our ISO/IEC 27001 management system, all our partners are regularly audited.